Fix SM9 bugs
@@ -818,7 +818,7 @@ endif()
|
|||||||
#
|
#
|
||||||
set(CPACK_PACKAGE_NAME "GmSSL")
|
set(CPACK_PACKAGE_NAME "GmSSL")
|
||||||
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
|
||||||
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1071")
|
set(CPACK_PACKAGE_VERSION "3.2.0-dev.1072")
|
||||||
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
|
||||||
set(CPACK_NSIS_MODIFY_PATH ON)
|
set(CPACK_NSIS_MODIFY_PATH ON)
|
||||||
include(CPack)
|
include(CPack)
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ extern "C" {
|
|||||||
|
|
||||||
|
|
||||||
#define GMSSL_VERSION_NUM 30200
|
#define GMSSL_VERSION_NUM 30200
|
||||||
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1071"
|
#define GMSSL_VERSION_STR "GmSSL 3.2.0-dev.1072"
|
||||||
|
|
||||||
int gmssl_version_num(void);
|
int gmssl_version_num(void);
|
||||||
const char *gmssl_version_str(void);
|
const char *gmssl_version_str(void);
|
||||||
|
|||||||
@@ -78,6 +78,10 @@ int sm9_kem_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen, const
|
|||||||
SM3_KDF_CTX kdf_ctx;
|
SM3_KDF_CTX kdf_ctx;
|
||||||
|
|
||||||
// B1: check C in G1
|
// B1: check C in G1
|
||||||
|
if (sm9_z256_point_is_on_curve(C) != 1) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
sm9_z256_point_to_uncompressed_octets(C, cbuf);
|
sm9_z256_point_to_uncompressed_octets(C, cbuf);
|
||||||
|
|
||||||
// B2: w = e(C, de);
|
// B2: w = e(C, de);
|
||||||
@@ -111,6 +115,15 @@ int sm9_do_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
|
|||||||
SM3_HMAC_CTX hmac_ctx;
|
SM3_HMAC_CTX hmac_ctx;
|
||||||
uint8_t K[SM9_MAX_PLAINTEXT_SIZE + 32];
|
uint8_t K[SM9_MAX_PLAINTEXT_SIZE + 32];
|
||||||
|
|
||||||
|
if (!mpk || !id || !idlen || !C1 || !c2 || !c3) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (inlen > SM9_MAX_PLAINTEXT_SIZE) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (sm9_kem_encrypt(mpk, id, idlen, sizeof(K), K, C1) != 1) {
|
if (sm9_kem_encrypt(mpk, id, idlen, sizeof(K), K, C1) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -245,6 +258,11 @@ int sm9_encrypt(const SM9_ENC_MASTER_KEY *mpk, const char *id, size_t idlen,
|
|||||||
uint8_t c2[SM9_MAX_PLAINTEXT_SIZE];
|
uint8_t c2[SM9_MAX_PLAINTEXT_SIZE];
|
||||||
uint8_t c3[SM3_HMAC_SIZE];
|
uint8_t c3[SM3_HMAC_SIZE];
|
||||||
|
|
||||||
|
// FIXME: 检查应该放在哪一层?还是全检查?
|
||||||
|
if (!mpk || !id || !idlen || !out || !outlen) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
if (inlen > SM9_MAX_PLAINTEXT_SIZE) {
|
if (inlen > SM9_MAX_PLAINTEXT_SIZE) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -270,6 +288,11 @@ int sm9_decrypt(const SM9_ENC_KEY *key, const char *id, size_t idlen,
|
|||||||
size_t c2len;
|
size_t c2len;
|
||||||
const uint8_t *c3;
|
const uint8_t *c3;
|
||||||
|
|
||||||
|
if (!key || !id || !idlen || !in || !inlen || !out || !outlen) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (sm9_ciphertext_from_der(&C1, &c2, &c2len, &c3, &in, &inlen) != 1
|
if (sm9_ciphertext_from_der(&C1, &c2, &c2len, &c3, &in, &inlen) != 1
|
||||||
|| asn1_length_is_zero(inlen) != 1) {
|
|| asn1_length_is_zero(inlen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
|
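Review bot: The new argument guards in sm9_do_encrypt (`if (!mpk || !id || !idlen || !C1 || !c2 || !c3)`) and sm9_encrypt (`if (!mpk || !id || !idlen || !out || !outlen)`) do not check the plaintext pointer, whereas the sm9_decrypt guard in the same file does check `in`; both functions go on to use `inlen`, so the plaintext pointer — presumably named `in`, its declaration is cut off in the hunk headers — belongs in the guard, e.g. `if (!mpk || !id || !idlen || !in || !C1 || !c2 || !c3) {`. If an empty plaintext is meant to be accepted, `(!in && inlen)` is the form sm9_sign_update uses for `data` and would keep the two APIs consistent. The FIXME added in sm9_encrypt is in Chinese while the surrounding comments are English; I'd write it as `// FIXME: decide at which layer argument checks belong, or check at every layer`. The bodies of all four functions continue outside their hunks.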
|||||||
@@ -32,8 +32,6 @@ int sm9_exch_step_1A(const SM9_EXCH_MASTER_KEY *mpk, const char *idB, size_t idB
|
|||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
// Only for testing
|
|
||||||
sm9_z256_from_hex(rA, "00005879DD1D51E175946F23B1B41E93BA31C584AE59A426EC1046A4D03B06C8");
|
|
||||||
|
|
||||||
// A3: RA = rA * Q
|
// A3: RA = rA * Q
|
||||||
sm9_z256_point_mul(RA, rA, RA);
|
sm9_z256_point_mul(RA, rA, RA);
|
||||||
@@ -58,13 +56,12 @@ int sm9_exch_step_1B(const SM9_EXCH_MASTER_KEY *mpk, const char *idA, size_t idA
|
|||||||
|
|
||||||
do {
|
do {
|
||||||
// B2: rand rB in [1, N-1]
|
// B2: rand rB in [1, N-1]
|
||||||
// FIXME: check rb != 0
|
do {
|
||||||
if (sm9_z256_rand_range(rB, sm9_z256_order()) != 1) {
|
if (sm9_z256_rand_range(rB, sm9_z256_order()) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
// Only for testing
|
} while (sm9_z256_is_zero(rB));
|
||||||
sm9_z256_from_hex(rB, "00018B98C44BEF9F8537FB7D071B2C928B3BC65BD3D69E1EEE213564905634FE");
|
|
||||||
|
|
||||||
// B3: RB = rB * Q
|
// B3: RB = rB * Q
|
||||||
sm9_z256_point_mul(RB, rB, RB);
|
sm9_z256_point_mul(RB, rB, RB);
|
||||||
|
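Review bot: The sm9_exch_step_1B hunk adds a rejection loop so the ephemeral rB is never zero, but the sm9_exch_step_1A hunk only removes the fixed test value for rA, and the call that generates rA lies before that hunk, so I cannot see whether rA gets the same treatment; the A2 step should mirror B2 with `do { ... } while (sm9_z256_is_zero(rA));` around its `sm9_z256_rand_range` call. Dropping the hard-coded `sm9_z256_from_hex(rA, ...)` and `sm9_z256_from_hex(rB, ...)` lines is the substantive fix here — a fixed ephemeral makes the agreed key predictable to anyone who reads the source — and deserves a sentence in the commit description rather than only the title "Fix SM9 bugs". Both step functions start and end outside the hunks.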
|||||||
@@ -78,6 +78,10 @@ int sm9_signature_from_der(SM9_SIGNATURE *sig, const uint8_t **in, size_t *inlen
|
|||||||
int sm9_sign_init(SM9_SIGN_CTX *ctx)
|
int sm9_sign_init(SM9_SIGN_CTX *ctx)
|
||||||
{
|
{
|
||||||
const uint8_t prefix[1] = { SM9_HASH2_PREFIX };
|
const uint8_t prefix[1] = { SM9_HASH2_PREFIX };
|
||||||
|
if (!ctx) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
sm3_init(&ctx->sm3_ctx);
|
sm3_init(&ctx->sm3_ctx);
|
||||||
sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix));
|
sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix));
|
||||||
return 1;
|
return 1;
|
||||||
@@ -85,6 +89,13 @@ int sm9_sign_init(SM9_SIGN_CTX *ctx)
|
|||||||
|
|
||||||
int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
int sm9_sign_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
||||||
{
|
{
|
||||||
|
if (!ctx || (!data && datalen)) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (!data || !datalen) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
sm3_update(&ctx->sm3_ctx, data, datalen);
|
sm3_update(&ctx->sm3_ctx, data, datalen);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -93,6 +104,11 @@ int sm9_sign_finish(SM9_SIGN_CTX *ctx, const SM9_SIGN_KEY *key, uint8_t *sig, si
|
|||||||
{
|
{
|
||||||
SM9_SIGNATURE signature;
|
SM9_SIGNATURE signature;
|
||||||
|
|
||||||
|
if (!ctx || !key || !sig || !siglen) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (sm9_do_sign(key, &ctx->sm3_ctx, &signature) != 1) {
|
if (sm9_do_sign(key, &ctx->sm3_ctx, &signature) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
return -1;
|
return -1;
|
||||||
@@ -126,9 +142,6 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Only for testing
|
|
||||||
//sm9_z256_from_hex(r, "00033C8616B06704813203DFD00965022ED15975C662337AED648835DC4B1CBE");
|
|
||||||
|
|
||||||
// A3: w = g^r
|
// A3: w = g^r
|
||||||
sm9_z256_fp12_pow(g, g, r);
|
sm9_z256_fp12_pow(g, g, r);
|
||||||
sm9_z256_fp12_to_bytes(g, wbuf);
|
sm9_z256_fp12_to_bytes(g, wbuf);
|
||||||
@@ -162,6 +175,10 @@ int sm9_do_sign(const SM9_SIGN_KEY *key, const SM3_CTX *sm3_ctx, SM9_SIGNATURE *
|
|||||||
int sm9_verify_init(SM9_SIGN_CTX *ctx)
|
int sm9_verify_init(SM9_SIGN_CTX *ctx)
|
||||||
{
|
{
|
||||||
const uint8_t prefix[1] = { SM9_HASH2_PREFIX };
|
const uint8_t prefix[1] = { SM9_HASH2_PREFIX };
|
||||||
|
if (!ctx) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
sm3_init(&ctx->sm3_ctx);
|
sm3_init(&ctx->sm3_ctx);
|
||||||
sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix));
|
sm3_update(&ctx->sm3_ctx, prefix, sizeof(prefix));
|
||||||
return 1;
|
return 1;
|
||||||
@@ -169,6 +186,13 @@ int sm9_verify_init(SM9_SIGN_CTX *ctx)
|
|||||||
|
|
||||||
int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
int sm9_verify_update(SM9_SIGN_CTX *ctx, const uint8_t *data, size_t datalen)
|
||||||
{
|
{
|
||||||
|
if (!ctx || (!data && datalen)) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
if (!data || !datalen) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
sm3_update(&ctx->sm3_ctx, data, datalen);
|
sm3_update(&ctx->sm3_ctx, data, datalen);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@@ -179,6 +203,11 @@ int sm9_verify_finish(SM9_SIGN_CTX *ctx, const uint8_t *sig, size_t siglen,
|
|||||||
int ret;
|
int ret;
|
||||||
SM9_SIGNATURE signature;
|
SM9_SIGNATURE signature;
|
||||||
|
|
||||||
|
if (!ctx || !sig | !siglen || !mpk || !id || !idlen) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
if (sm9_signature_from_der(&signature, &sig, &siglen) != 1
|
if (sm9_signature_from_der(&signature, &sig, &siglen) != 1
|
||||||
|| asn1_length_is_zero(siglen) != 1) {
|
|| asn1_length_is_zero(siglen) != 1) {
|
||||||
error_print();
|
error_print();
|
||||||
@@ -210,8 +239,16 @@ int sm9_do_verify(const SM9_SIGN_MASTER_KEY *mpk, const char *id, size_t idlen,
|
|||||||
uint8_t Ha[64];
|
uint8_t Ha[64];
|
||||||
|
|
||||||
// B1: check h in [1, N-1]
|
// B1: check h in [1, N-1]
|
||||||
|
if (sm9_z256_is_zero(sig->h) || sm9_z256_cmp(sig->h, sm9_z256_order()) >= 0) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
// B2: check S in G1
|
// B2: check S in G1
|
||||||
|
if (sm9_z256_point_is_on_curve(&sig->S) != 1) {
|
||||||
|
error_print();
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
// B3: g = e(P1, Ppubs)
|
// B3: g = e(P1, Ppubs)
|
||||||
sm9_z256_pairing(g, &mpk->Ppubs, sm9_z256_generator());
|
sm9_z256_pairing(g, &mpk->Ppubs, sm9_z256_generator());
|
||||||
|
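Review bot: In the sm9_verify_finish guard `if (!ctx || !sig | !siglen || !mpk || !id || !idlen)` the operator between `!sig` and `!siglen` is a bitwise `|`, not `||`; it happens to give the same result because both operands are 0 or 1, but compilers warn on it and it silently changes meaning the moment someone replaces `!siglen` with a non-boolean term — change it to `if (!ctx || !sig || !siglen || !mpk || !id || !idlen) {`. The new B1/B2 checks in sm9_do_verify (`sm9_z256_is_zero(sig->h) || sm9_z256_cmp(sig->h, sm9_z256_order()) >= 0` and the on-curve test on `sig->S`) match the steps the comments cite and look right; whether `sm9_z256_point_is_on_curve` also rejects the point at infinity is not visible here and worth confirming, since the same helper now gates `C` in sm9_kem_decrypt. The sm9_do_sign hunk removes a commented-out fixed r, but the generation of r is above the hunk, so I cannot see whether it has the non-zero rejection that sm9_exch_step_1B now has. All of the affected bodies continue outside their hunks.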
|||||||
@@ -25,6 +25,14 @@
|
|||||||
#include <gmssl/x509_key.h>
|
#include <gmssl/x509_key.h>
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
TODO:
|
||||||
|
x509_sign_init/update/finish
|
||||||
|
x509_verify_init/update/finish
|
||||||
|
当使用ECDSA算法时,需要可选多个哈希函数
|
||||||
|
特别是很多CA证书,如icloud.com的证书链,其中CA证书使用的是ecdsa_secp256r1_sha384
|
||||||
|
因此需要x509_sign/verify_init接口中增加一个表示算法的参数
|
||||||
|
*/
|
||||||
|
|
||||||
int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key)
|
int x509_key_set_sm2_key(X509_KEY *x509_key, const SM2_KEY *sm2_key)
|
||||||
{
|
{
|
||||||
|
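Review bot: The TODO block added above x509_key_set_sm2_key is written in Chinese while the code comments elsewhere in this commit (e.g. `// B1: check h in [1, N-1]`) are English; I'd restate it in English so the design note reaches every maintainer. In translation it says that x509_sign_init/update/finish and x509_verify_init/update/finish are still to be written, that ECDSA needs a selectable hash because many CA certificates (the icloud.com chain is the example given) are signed with ecdsa_secp256r1_sha384, and that the init interfaces therefore need an extra parameter naming the algorithm. The enclosing function starts at the end of the hunk and its body lies outside it.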
|||||||